As remote access to computer systems and applications grows in popularity, the number and variety of transactions that are accessed remotely over public networks such as the Internet has increased dramatically. This popularity has underlined a need for security; in particular: how to ensure that people who are remotely accessing an application are who they claim to be, how to ensure that transactions being conducted remotely are initiated by legitimate individuals, and how to ensure that transaction data has not been altered before being received at an application server.
In the past, application providers have relied on static passwords to provide the security for remote applications. In recent years it has become evident that static passwords are not sufficient and that more advanced security technology is required.
In one solution a dynamic password is generated which the user passes to the application instead of (or in addition to) a static password. The dynamic password is generated on the client side by cryptographically combining a dynamic variable with a cryptographic secret that is shared between the client-side apparatus on the one hand and a server-side verification entity on the other hand. The dynamic variable can be a time-based value, a counter-based value, a challenge (which, for example, may be provided by the application server), or even transaction data representing the transaction the user wants to submit to the application server, or any combination of the foregoing.

The dynamic variable can be cryptographically combined with the shared cryptographic secret, for example, by applying a symmetric cryptographic algorithm to the dynamic variable that is parameterized with the shared cryptographic secret. For example, the dynamic variable can be encrypted using a symmetric encryption algorithm such as AES (Advanced Encryption Standard), or a concatenation of the dynamic variable and the shared secret can be hashed by a hashing algorithm such as SHA-1 (Secure Hash Algorithm 1). In many cases the resulting cryptogram is truncated and then converted into a string of characters. This string of characters, often called a one-time password or OTP, is then displayed to the user for the user to manually copy and transfer to an application. If the dynamic variable is based on a challenge then the string of characters may be referred to as a response. If the dynamic variable is based on transaction data then the string of characters could be considered to be a signature over the transaction data. In what follows the term OTP may also refer to such responses or signatures. Because OTPs are often manually copied by the user, they are typically kept rather short, usually shorter than the cryptogram from which they have been made.
At the application server side the received OTP can then be verified. This typically happens by generating an expected reference value for the OTP and comparing the received OTP with the generated reference value. Client devices that generate the OTPs include dedicated hardware authentication tokens with their own display and sometimes with a keypad for entry of a PIN (Personal Identification Number), or general purpose computing devices such as, for example, smart phones running authentication software that emulates dedicated hardware authentication tokens.
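The generation and verification steps described above, as an added illustrative example that is not part of the original text: the dynamic variable (a counter, optionally with a challenge or transaction data) is combined with the shared secret, the cryptogram is truncated to a short decimal OTP, and the server recomputes the reference value over a small counter window. HMAC-SHA1 is an assumption here in place of the plain hash-of-concatenation the text mentions, and the secret and transaction strings are constructed demo values.

```python
import hashlib
import hmac
import struct

# Constructed demo secret; a real token carries a per-device secret
# provisioned at manufacture or enrolment.
SHARED_SECRET = bytes.fromhex("3132333435363738393031323334353637383930")
OTP_DIGITS = 6


def dynamic_variable(counter=None, challenge=None, transaction=None):
    """Encode the dynamic variable(s) into one byte string. A counter (or
    time step) is packed as 8 big-endian bytes; a challenge and transaction
    data are appended length-prefixed so the fields cannot run into each
    other and be reinterpreted."""
    out = b""
    if counter is not None:
        out += struct.pack(">Q", counter)
    for field in (challenge, transaction):
        if field is not None:
            data = field.encode("utf-8")
            out += struct.pack(">H", len(data)) + data
    return out


def generate_otp(secret, dyn_var, digits=OTP_DIGITS):
    """Client side: combine the dynamic variable with the shared secret
    (HMAC-SHA1, an assumption), then truncate the cryptogram and convert
    it to a short decimal string the user can copy by hand."""
    mac = hmac.new(secret, dyn_var, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_otp(secret, received, counter, challenge=None, transaction=None,
               window=3):
    """Server side: recompute the reference value for each counter in a
    small look-ahead window (the token may have advanced) and compare in
    constant time. Returns the matching counter so the server can advance
    its stored value, or None when no reference value matches."""
    for c in range(counter, counter + window):
        expected = generate_otp(secret, dynamic_variable(c, challenge, transaction))
        if hmac.compare_digest(expected, received):
            return c
    return None
```

Because transaction data is part of the dynamic variable, an OTP computed over one transaction does not verify against altered transaction data, which is the integrity property the background section calls for.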